Module: OpenSSL

Defined in:
lib/openssl/bn.rb,
deprecation.rb,
lib/openssl/ssl.rb,
lib/openssl/x509.rb,
lib/openssl/digest.rb,
lib/openssl/cipher.rb,
lib/openssl/config.rb,
ossl.c,
ossl_bn.c,
ossl_ssl.c,
ossl_hmac.c,
ossl_rand.c,
ossl_pkey.c,
ossl_pkcs5.c,
ossl_digest.c,
ossl_pkey_dh.c,
ossl_pkey_ec.c,
ossl_x509cert.c,
ossl_x509store.c,
ossl_ssl_session.c,
ossl_ns_spki.c

Overview

$RCSfile$

Ruby-space predefined Cipher subclasses

Info

‘OpenSSL for Ruby 2’ project Copyright © 2002 Michal Rokos <[email protected]> All rights reserved.

Licence

This program is licenced under the same licence as Ruby. (See the file ‘LICENCE’.)

Version

$Id: cipher.rb 36895 2012-09-04 00:57:31Z nobu $

++

Defined Under Namespace

Modules: ASN1, Buffering, Netscape, OCSP, PKCS5, PKey, Random, SSL, X509

Classes: BN, BNError, Cipher, Config, ConfigError, Digest, Engine, HMAC, HMACError, OpenSSLError, PKCS12, PKCS7

Constant Summary

VERSION =

OpenSSL ruby extension version

rb_str_new2(OSSL_VERSION)
OPENSSL_VERSION =

Version of OpenSSL the ruby OpenSSL extension was built with

rb_str_new2(OPENSSL_VERSION_TEXT)
OPENSSL_VERSION_NUMBER =

Version number of OpenSSL the ruby OpenSSL extension was built with (base 16)

INT2NUM(OPENSSL_VERSION_NUMBER)
OPENSSL_FIPS =
Qfalse

Class Method Summary

Class Method Details

.check_func(func, header) ⇒ Object



# File 'deprecation.rb', line 17

# Build-time probe: checks that +func+ is usable via +header+ and that
# +header+ itself is present. Both mkmf checks receive the compiler option
# returned by deprecated_warning_flag.
#
# NOTE(review): presumably the point of passing that option is that a function
# declared deprecated fails the probe when the option is
# -Werror=deprecated-declarations; confirm against mkmf's have_func.
#
# Returns the falsy result of have_func when the function probe fails (the
# header probe is then skipped); otherwise returns the result of have_header.
def self.check_func(func, header)
  func_found = have_func(func, header, deprecated_warning_flag)
  return func_found unless func_found

  have_header(header, nil, deprecated_warning_flag)
end

.debug ⇒ Object



# File 'ossl.c', line 396

/*
 * Reader for the extension's debug setting.
 *
 * Returns the value currently held in dOSSL, i.e. whatever was last stored
 * there (ossl_debug_set stores its argument unchanged, so the value is not
 * necessarily true or false). self is unused.
 */
static VALUE
ossl_debug_get(VALUE self)
{
    VALUE current = dOSSL;

    return current;
}

.debug=(boolean) ⇒ Boolean

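Turns CRYPTO_MEM_CHECK on or off. Also prints a debugging message to stderr. As the implementation below shows, memory checking is switched on only when the value is exactly true; any other value is stored without enabling it.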

Returns:

  • (Boolean)


# File 'ossl.c', line 409

/*
 * Writer for the extension's debug setting.
 *
 * Stores val in dOSSL and, when the stored value actually changed, toggles
 * OpenSSL's memory checking via CRYPTO_mem_ctrl and announces the change on
 * stderr.
 *
 * Only the exact value Qtrue switches checking on. Any other value (including
 * other truthy Ruby objects) is stored but enables nothing; it switches
 * checking off only if the previous value was Qtrue.
 *
 * Returns val unchanged. self is unused.
 */
static VALUE
ossl_debug_set(VALUE self, VALUE val)
{
    VALUE previous = dOSSL;

    dOSSL = val;

    /* Same value as before: nothing to toggle, nothing to print. */
    if (previous == val)
        return val;

    if (val == Qtrue) {
        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
        fprintf(stderr, "OSSL_DEBUG: IS NOW ON!\n");
    }
    else if (previous == Qtrue) {
        /* Leaving the "on" state for any non-true value. */
        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF);
        fprintf(stderr, "OSSL_DEBUG: IS NOW OFF!\n");
    }

    return val;
}

.deprecated_warning_flag ⇒ Object



# File 'deprecation.rb', line 2

# Picks the compiler option used for deprecated declarations during the
# build probes, and memoizes it in @deprecated_warning_flag.
#
# * If the compiler accepts -Werror=deprecated-declarations, that option is
#   used, unless the build was configured with "broken-apple-openssl", in
#   which case -Wno-deprecated-declarations is used instead. Note that this
#   silences deprecation diagnostics for that build rather than making them
#   errors. The chosen option is appended to $warnflags once.
# * If the compiler rejects the option, the flag is the empty string and
#   $warnflags is left untouched.
#
# Returns the chosen flag String; later calls return the memoized value
# (the empty string is truthy in Ruby, so it is memoized as well).
def self.deprecated_warning_flag
  # `||= nil` initializes the ivar so reading it never warns.
  memo = (@deprecated_warning_flag ||= nil)
  return memo if memo

  strict = "-Werror=deprecated-declarations"
  return @deprecated_warning_flag = "" unless try_compile("", strict)

  chosen = with_config("broken-apple-openssl") ? "-Wno-deprecated-declarations" : strict
  $warnflags << " #{chosen}"
  @deprecated_warning_flag = chosen
end

.Digest(name) ⇒ Object

Returns a Digest subclass by name.

require 'openssl'

OpenSSL::Digest("MD5")
# => OpenSSL::Digest::MD5

Digest("Foo")
# => NameError: wrong constant name Foo


# File 'lib/openssl/digest.rb', line 82

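# Looks up a digest class by name under OpenSSL::Digest.
#
# name - constant name as a String or Symbol, e.g. "MD5".
#
# Returns the constant defined under that name directly on OpenSSL::Digest.
# Raises NameError when no such constant is defined there.
#
# The lookup passes inherit = false. A plain const_get(name) also searches
# the receiver's ancestors and Object, so a name that is not a digest at all
# could resolve to an unrelated top-level class instead of raising. That
# matters when the name comes from configuration or another external source.
# This method does not itself verify that the result is a Digest subclass.
def Digest(name)
  OpenSSL::Digest.const_get(name, false)
end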

.errors ⇒ Array

Returns any errors remaining in OpenSSL's error queue. Reading them removes them from the queue.

Any errors you see here are probably due to a bug in ruby’s OpenSSL implementation.

Returns:

  • (Array)


# File 'ossl.c', line 357

/*
 * Drains OpenSSL's error queue into a Ruby Array of message strings.
 *
 * ERR_get_error() is called until it returns 0, so every entry that was
 * pending is removed from the queue and appears in the result, oldest first.
 * An empty queue yields an empty Array.
 *
 * NOTE(review): ERR_get_error() returns unsigned long in OpenSSL; storing it
 * in a long relies on the value surviving the conversion back when it is
 * passed to ERR_error_string().
 * NOTE(review): ERR_error_string(code, NULL) formats into a static buffer
 * inside OpenSSL. The text is copied by rb_str_new2() immediately, but the
 * call is not safe against concurrent use of that buffer; consider
 * ERR_error_string_n() with a local buffer.
 */
VALUE
ossl_get_errors()
{
    VALUE pending = rb_ary_new();
    long code;

    for (code = ERR_get_error(); code != 0; code = ERR_get_error()) {
        VALUE text = rb_str_new2(ERR_error_string(code, NULL));

        rb_ary_push(pending, text);
    }

    return pending;
}

.fips_mode=(boolean) ⇒ Boolean

Turns FIPS mode on or off. Turning on FIPS mode will obviously only have an effect for FIPS-capable installations of the OpenSSL library. Trying to do so otherwise will result in an error.

Examples

OpenSSL.fips_mode = true   # turn FIPS mode on
OpenSSL.fips_mode = false  # and off again

Returns:

  • (Boolean)


# File 'ossl.c', line 440

/*
 * Switches OpenSSL's FIPS mode on or off according to the truthiness of
 * enabled.
 *
 * Built with HAVE_OPENSSL_FIPS:
 *   - truthy: FIPS_mode_set(1) is attempted only when FIPS_mode() reports the
 *     mode is currently off; if it is already on, nothing is done.
 *   - falsy:  FIPS_mode_set(0) is always attempted.
 *   A failing FIPS_mode_set() raises eOSSLError.
 *
 * Built without HAVE_OPENSSL_FIPS:
 *   - truthy: raises eOSSLError (FIPS mode is not supported).
 *   - falsy:  accepted silently; there is nothing to switch off.
 *
 * Failure is reported only through the raised eOSSLError. The return value
 * is always the enabled argument itself and says nothing about the resulting
 * mode. self is unused.
 */
static VALUE
ossl_fips_mode_set(VALUE self, VALUE enabled)
{
    int want_fips = RTEST(enabled);

#ifdef HAVE_OPENSSL_FIPS
    if (!want_fips) {
        /* turning off twice is OK */
        if (!FIPS_mode_set(0))
            ossl_raise(eOSSLError, "Turning off FIPS mode failed");
        return enabled;
    }

    /* turning on twice leads to an error, so only switch when currently off */
    if (!FIPS_mode() && !FIPS_mode_set(1))
        ossl_raise(eOSSLError, "Turning on FIPS mode failed");
    return enabled;
#else
    if (want_fips)
        ossl_raise(eOSSLError, "This version of OpenSSL does not support FIPS mode");
    return enabled;
#endif
}